Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    /conf/acme has wide open permissions?

    Scheduled Pinned Locked Moved ACME
    2 Posts 2 Posters 697 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      Fry-kun
      last edited by

      Looks like the default permissions for /conf/acme allows anyone with shell access to read the private keys placed in there.
      User manager does warn that shell access is equivalent to admin rights, but maybe some more sane default can be used anyway? Similar to ~/.ssh/

      5 1 Reply Last reply Reply Quote 2
      • 5
        52buickman @Fry-kun
        last edited by 52buickman

        Specifically permissions on the .key files should be 600 or 640. This is a basic security for certificates.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.